The Godfather Banking Trojan

The “Godfather Banking Trojan” is a sophisticated Android Trojan that threat actors use to steal financial information from their victims. The malware, which was created in 2021, replicates itself on the user’s device and then uses spoofed HTML pages to imitate the login pages of legitimate programs. Additionally, it launches keyloggers, opens VNC connections, captures the screen of the victim’s device, forwards calls (to get around two-factor authentication), conducts USSD requests, and sends SMS messages from infected devices. As a result, it presents a serious risk to users who are not aware of these techniques and, if not stopped in time, can result in catastrophic financial losses.

Background of Godfather Banking Trojan

What sets this malware apart is its sophisticated functions, which enable it to get around two-factor authentication systems and other security precautions put in place by banks or other online businesses. These features include the ability to capture the screen of the victim’s device, establish VNC connections, start keyloggers, exfiltrate push notifications (bypassing two-factor authentication), forward calls, run USSD commands, and send SMS messages from infected devices. Establishing WebSocket connections is another new function, included in the September 2022 update to Godfather.

Some History of Godfather

The Godfather banking Trojan is a replacement for the formerly popular Anubis banking Trojan and was first identified in 2019 by Group-IB, a cybersecurity firm from Singapore. The malware has since been modified frequently to work with subsequent Android versions, such as Android 9 and 10. More recently, it has been made available as a “Malware-as-a-Service” platform, which makes it simple for hackers to launch attacks without the need for technical expertise or resources.